Security Experts Find House Anti-Piracy Bill's DNS Filtering Provisions Lacking
Modernizing Authentication — What It Takes to Transform Secure Access
Security experts expressed strong concerns about the provisions in the anti-piracy bill that would prevent Internet users from accessing certain Websites.
The Stop Online Piracy Act was introduced last month by Rep. Lamar Smith, R-Texas, the chairman of the House Judiciary committee. The House Judiciary hearing on Nov. 16 invited various industry giants, including the Motion Picture Association of America (MPAA), Pfizer and Google, to weigh in on the bill. Smith has said he intends to mark up the bill by the end of the year, after which the bill will go to the full House of Representatives for a floor vote.
SOPA's sweeping provisions would allow the government and copyright holders to punish Web companies for hosting unauthorized copyrighted content, such as movies, songs and software. The bill is the House counterpart to the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (Protect-IP) Act that was passed by the Senate earlier this year and is aimed toward stopping online piracy. Sen. Ron Wyden, D-Ore., placed a hold on the bill in May over concerns about its potential to "muzzle speech and stifle innovation and economic growth."
SOPA's backers argue that new legislation is necessary to combat rogue foreign Websites that violate United States copyright laws, and SOPA provides the mechanism for shutting down those sites that operate outside the U.S. legal system.
Giving copyright holders the legal means to isolate and shut down Websites or online services found hosting illegal content would be a strong anti-piracy tool, advocates claim. Critics argue that SOPA's definitions of what constitutes a "rogue Website" and the proposed remedies are too broad and too vague.
If passed, SOPA would also allow the United States government to order companies to cut off revenue to the site, force search engines to suppress all mention of the site in search results and blacklist the site containing infringing material using Domain Name System (DNS) filtering techniques similar to those used by totalitarian regimes abroad, such as China and Iran.
Authoritarian governments "resent the openness and democratic nature of the Internet," and want to regulate it, said Edward Black, president and CEO of the Computer and Communications Industry Association. "The United States cannot resist the regulation and repression elsewhere if we yield to pressure to do the same here," Black said.
"There's a bill that would require Internet service providers to remove URLs from the Web, which is also known as censorship last time I checked," Eric Schmidt, executive chairman of Google, said during a visit to the Massachusetts Institute of Technology on Nov. 16.
Security and technology experts are concerned about the DNS filtering proposed in SOPA and, to some extent, in Protect IP. "There is hardly any part of the United States economy today that does not depend upon the smooth operation of the Internet, which in turn relies upon the integrity of DNS ," wrote Andrew Lee, CEO of ESET, in a letter to Congress. DNS filtering as outlined in SOPA "would seriously undermine that integrity," according to Lee.
Lee also noted that the DNS provisions appear "to be at odds with the sterling efforts" of U.S. law enforcement. Just last week, the FBI arrested a group of cyber-criminals who had been using the DNSchanger Trojan to "subvert DNS for illegal purposes" and diverting users to sites other than where they were trying to go, wrote Steve Cobb, a security evangelist for ESET.